Are you a Director or Manager or Member in an Organisation resisting the resourcing of GDPR Activities? Best read on then…

You will not often get an article from me about the ‘scary bits’ in the GDPR; I’m a glass-half-full kind of a person. However, on this news, I’ve made an exception…

The GDPR (General Data Protection Regulation) comes into force on 25th May 2018 and all organisations must comply with the Regulation.

However, I have recently met with a couple of senior representatives of organisations who have openly stated that ‘they are not providing a budget for any GDPR compliance project’. I find it hard to believe that they will be able to demonstrate full compliance with the GDPR on at least two grounds: 1) it is not funded, therefore it will be difficult, if not impossible, to move towards compliance; and 2) compliance is a ‘culture’, and culture is made up of actions and attitude in unison. That attitude will clearly not support demonstrable compliance with the GDPR.

I was then very interested today when my attention was drawn by a compliance colleague to a publication of the new Data Protection Bill going through the UK Parliament which is bringing the GDPR into UK Law. In addition to the GDPR, the UK Bill is adding and clarifying some data protection and information security issues.

Tucked down in the section on Offences is 191 Liability of Directors which reads as follows:

191 Liability of directors etc

(1) Subsection (2) applies where —

(a) an offence under this Act has been committed by a body corporate, and

(b) it is proved to have been committed with the consent or connivance of or to be attributable to neglect on the part of —

(i) a director, manager, secretary or similar officer of the body corporate, or

(ii) a person who was purporting to act in such a capacity.

(2) The director, manager, secretary, officer or person, as well as the body corporate, is guilty of the offence and liable to be proceeded against and punished accordingly.

(3) Where the affairs of a body corporate are managed by its members, subsections (1) and (2) apply in relation to the acts and omissions of a member in connection with the member’s management functions in relation to the body as if the member were a director of the body corporate.

(4) Subsection (5) applies where —

(a) an offence under this Act has been committed by a Scottish partnership, and

(b) the contravention in question is proved to have occurred with the consent or connivance of, or to be attributable to any neglect on the part of, a partner.

(5) The partner, as well as the partnership, is guilty of the offence and liable to be proceeded against and punished accordingly.

Now read it again, slowly… Have you spotted it?

Yes, exactly. So if a Director, Manager or Company Secretary (or even a member managing personal data for a membership organisation) is shown to ‘consent’ to blocking resources, which means that the organisation is non-compliant, or to connive (plot, scheme, conspire, hatch…) with others, or is deemed to neglect the duties of their office, then they may well have committed an offence and, to quote 191 (2), ‘The director, manager, secretary, officer or person, as well as the body corporate, is guilty of the offence and liable to be proceeded against and punished accordingly.’

The biggest expenditure an organisation is likely to have in complying with the GDPR is people and time. The GDPR is coming into force and all organisations need to comply, simple as that.
